Privacy Policy

Certora Training Limited is committed to ensuring your privacy is protected. Should we ask you to provide personal information by which you can be identified then you can be assured that it will only be used in accordance with this privacy policy.

Certora will use the personal data collected during the course of your training, assessment or qualification to:

  • Deliver and verify your training, assessment or qualification and produce a certificate
  • Create training records
  • Provide your company with a complete and accurate record of your training history

Your data will be securely stored by Certora and shared only with those who legitimately require the information such as the relevant accrediting bodies and/or awarding organisations, regulatory bodies, government organisations (for example the ESFA) or as required by law.

Data will be held for as long as is required to provide your company with a complete and accurate record of your training history.

Certora is registered as a Data Controller (no.ZA157387) with the Information Commissioner’s Office (ICO).

Data Collection

The majority of the personal data we collect is classed as standard personal data such as the below general personal information:

  • Names and addresses
  • Telephone and email contact information
  • Date of birth
  • National insurance number
  • Driving licence/other official ID details
  • Photographs
  • Employment information (e.g. job title, employer, employee number)

For specific qualifications and apprenticeships it may be required to collect sensitive personal data such as race, ethnic origin, nationality or disability. This information is only collected when required by the awarding organisation, accrediting body or governmental organisation (for example the ESFA) or, in the case of a health condition, if the data subject is applying for a reasonable adjustment or special consideration.

The provision of any necessary sensitive information is actively asked of the data subject to ensure they are aware this has been provided and is only used for the purpose it is collected for.

Data Storage and Security

All personal data is held securely:

  • Electronic information is password protected
  • Physical copies are stored securely
  • Mobile devices are kept secure and password protected
  • No personal data is disclosed in any form to unauthorised third parties
  • Access to information internally is restricted to those with a legitimate purpose

Any hard copy personal data will be disposed of as confidential waste.

Information held electronically is deleted/destroyed when disposing of, or repurposing, a computer or laptop for another individual. User access to Certora’s systems is immediately suspended if an individual leaves the business.

Certora is protected to the best of our ability against data breaches and keeps its IT systems up to date with the latest antivirus, ransomware and firewall protection and by complying with the latest best practice for data storage and protection.

If Certora do suffer a personal data breach, the Data Controller will notify the ICO and the affected parties within 72 hours of the breach. Certora consider a breach to be an occurrence involving a loss of data which presents a risk to the rights and freedom of any individuals involved and could result in:

  • Discrimination
  • Damage to reputation
  • Financial loss
  • Loss of confidentiality
  • Any other significant economic or social disadvantage

Data Processing

Certora use the data collected to carry out our business services, i.e. to train and assess individuals who require training or qualifications. This will include using personal data to:

  • Respond to requests and enquiries
  • Provide our instructors, assessors and approved subcontractor providers with the appropriate information to conduct scheduled training/assessment
  • Evaluate the performance and progression of learners
  • Maintain a record of the individual’s training/qualifications
  • Produce training reports when requested by a company who require visibility of their workforce training/qualification completions
  • Provide the appropriate accrediting body/awarding organisation with information on the type of training/qualification undertaken
  • Produce a certificate for an individual who has completed a course/qualification or pass the information on to the relevant accrediting body/awarding organisation who produce the individual’s certificate
  • Process sales invoices to companies or individuals for services or training materials provided by Certora
  • Process purchase invoices for services or materials provided to Certora
  • Maintain quality standards
  • Deliver an Apprenticeship programme where personal learner information is collected in line with government agency requirements
  • Satisfy Ofsted requirements around learners with protected characteristics under the Equality Act (2010)

Data Sharing

Certora only shares data with those who legitimately require the information. This includes the following people/organisations:

  • Internal administrators
  • Instructors/assessors
  • Approved subcontractor training providers
  • Employers
  • Auditors/regulators
  • Accrediting bodies and awarding organisations
  • Government agencies

In certain circumstances personal data may be required to be disclosed to law enforcement agencies without consent of the data subject. Under these circumstances, Certora will disclose the requested data however, the Data Controller will ensure the request is legitimate, seeking assistance from the board and from Certora’s legal advisers where necessary.

Marketing Communications

New contacts and sales leads must be constantly brought in to Certora to ensure our survival and growth.

Although this is not an exhaustive list, Certora aim to bring in new contacts in the following ways:

  • Website
  • Cold calling
  • Visits
  • Leads across company groups
  • Leads through trade union groups
  • Marketing – online and trade magazines
  • Trade shows

Certora will only market to/contact companies where we believe content will be of legitimate interest to the company/individual and will always provide them with the opportunity to opt out. Certora does not use purchased leads to build up its contact database.

Website Users

Certora track activity on our website and engagement with our online marketing via cookies and marketing analysis tools, for example Google Analytics. Data retention controls are in place to periodically remove user data over time.

Retaining Data

Personal data for people who have attended one of our courses/qualifications must be stored and recorded to meet standards set by the Health and Safety Executive. The industry standard for keeping this data is a minimum of 7 years. After 7 years all paper copies of the personal data collected will be shredded onsite by an approved secure shredding company. Electronic data is stored indefinitely. Our customers use this data to prove compliance to the standards set by the accrediting bodies, legislation and HSE guidance.

If a contract ends between Certora and the customer, we can provide all the personal data that we hold about the customer and the individuals within the organisation if requested, however we will not delete the associated training/qualification records as this data may be requested as evidence of training/assessment if, for example, an individual has an accident.

Apprenticeship information is retained electronically for an indefinite period. This allows Certora to provide it upon request to governmental bodies or related organisations with a legal remit.

If a request for erasure is received by:

  • An attendee of a course/qualification: if an individual employed by a company requests the right to be forgotten, Certora will first check with the company to ensure that they approve of this data removal from their training records. Once approved, the data can be removed from the CRM
  • A CRM contact: if a contact no longer wishes to be contacted then we can remove that individual’s data from the CRM. If we have provided training/qualification for their company then we cannot delete their company record from our CRM as individual training records will be associated to it
  • Tracked online activity: anyone who would like records of their online activity removed can request to do so by emailing the Data Controller

Appendix A – Data Controller Registration

Certora Training Limited is registered as a Data Controller (no.ZA157387) with the Information Commissioner’s Office (ICO).

The Data Controller can be contacted at:

Certora Training Limited

Millennium Way

Chesterfield

Derbyshire

S41 8ND

01246 386900

email: data@certoratraining.co.uk

The Information Commissioner’s Office can be contacted at:

0303 1231113

https://ico.org.uk/